8000 GitHub - burakcanbalta/honeypot: An advanced Python honeypot with SSH simulation, real-time alerts, GeoIP lookup, and automated threat reporting. Designed for Red Team, SOC, and cybersecurity research.
[go: up one dir, main page]
Skip to content
/ honeypot Public

An advanced Python honeypot with SSH simulation, real-time alerts, GeoIP lookup, and automated threat reporting. Designed for Red Team, SOC, and cybersecurity research.

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

burakcanbalta/honeypot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
honeypot_final.py
honeypot_final.py
 
 
honeytrap_config.json
honeytrap_config.json
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

🐝 HoneyTrapTR — Advanced Deception and Monitoring Honeypot

HoneyTrapTR is a versatile and robust honeypot designed for advanced network security operations. It emulates a live SSH environment, records malicious behaviors, and performs real-time threat intelligence and response actions with automated integrations.

🔍 Overview

HoneyTrapTR is built to lure, monitor, and analyze unauthorized access attempts in a stealthy and realistic way. It's ideal for both offensive security professionals and defensive analysts who need a reliable deception tool to detect, analyze, and react to potential intrusions.

✨ Core Capabilities

  • SSH Emulation — Simulates an interactive terminal with basic command responses (ls, whoami, etc.)
  • Credential Logging — Captures and stores login attempts (usernames/passwords)
  • GeoIP & WHOIS Lookup — Extracts country and organization data of attacker IPs
  • Download Trap — Monitors for wget or curl usage and logs URLs
  • Real-Time Alerts — Sends Discord notifications for every incident
  • AbuseIPDB Reporting — Reports malicious IP addresses to AbuseIPDB
  • Silent Operation Mode — Optionally runs without revealing any interaction to the attacker
  • Live Firewall Rules — Applies iptables rules to block repeated attackers instantly
  • Web Dashboard — Flask-powered visual log viewer (localhost:5000)

🛠 Intended Use Cases

  • Cyber Threat Intelligence: Feed real-world attacker behavior into your analysis workflows.
  • Red/Blue Team Operations: Simulate high-value targets and observe tactics, techniques, and procedures (TTPs).
  • Security Education: Use in cybersecurity labs and training environments.
  • SOAR Pipelines: Integrate with automation playbooks via Discord/AbuseIPDB hooks.

👥 Ideal For

  • Red team operators
  • Blue team defenders / SOC analysts
  • Security educators
  • Cybersecurity researchers
  • Ethical hackers and hobbyists

🚀 Quick Start

git clone https://github.com/yourname/HoneyTrapTR
cd HoneyTrapTR
pip install -r requirements.txt
sudo python3 honeypot_final.py

Start the web dashboard:

python3 panel.py

⚙ Configuration

Edit honeypot_final.py:

DISCORD_WEBHOOK_URL = "https://discord.com/api/webhooks/..."
ABUSEIPDB_API_KEY = "your_key"
SILENT_MODE = False  # Set True for passive logging only
ENABLE_FIREWALL_BLOCK = True

⚖ Legal Disclaimer

This software is intended strictly for authorized testing and research purposes. Unauthorized deployment or use against third-party networks may be illegal.

📄 License

MIT License – free to use, modify and distribute under open source terms.

About

An advanced Python honeypot with SSH simulation, real-time alerts, GeoIP lookup, and automated threat reporting. Designed for Red Team, SOC, and cybersecurity research.

Topics

socket honeypot socket-io python3 cybersecurity ethical-hacking network-security threat-intelligence deception redteam

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
0